﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace App
{
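    /// <summary>
    /// Shared static helpers for the application.
    /// </summary>
    public class Common
    {
        /// <summary>
        /// Keyword fragments whose presence anywhere in the input makes
        /// <see cref="FilterSqlCharacter"/> reject it. Split once at type
        /// initialisation instead of on every call.
        /// </summary>
        private static readonly string[] s_sqlFragments =
            "select*|and'|or'|insertinto|deletefrom|altertable|update|createtable|createview|dropview|createindex|dropindex|createprocedure|dropprocedure|createtrigger|droptrigger|createschema|dropschema|createdomain|alterdomain|dropdomain|);|select@|declare@|print@|char(|select".Split('|');

        /// <summary>
        /// Checks a string against a blacklist of SQL keyword fragments
        /// (original comment: "filter SQL character content").
        /// </summary>
        /// <remarks>
        /// This is a substring blacklist, not an injection defence: it only recognises the
        /// fixed fragments listed in <see cref="s_sqlFragments"/>, and bare entries such as
        /// "select" and "update" also reject ordinary text that merely contains those words.
        /// Callers must still send user input to the database through parameterized queries
        /// and treat this method as an additional input-validation layer only.
        /// Matching is ordinal and case-insensitive; the original used the default
        /// culture-sensitive, case-sensitive <c>IndexOf</c>, which accepted the same keyword
        /// written in upper case and could behave differently across host culture settings.
        /// </remarks>
        /// <param name="sql">Text to check. Null or whitespace is accepted.</param>
        /// <returns>
        /// <c>false</c> when any blacklisted fragment occurs in <paramref name="sql"/>;
        /// otherwise <c>true</c>.
        /// </returns>
        public static bool FilterSqlCharacter(string sql)
        {
            // Null or blank input has nothing to match against, so it passes.
            if (string.IsNullOrWhiteSpace(sql))
            {
                return true;
            }

            // No try/catch: IndexOf with a non-null search value cannot throw, so the
            // original catch-all that returned false was unreachable.
            // Short-circuit on the first hit instead of scanning every fragment.
            return !s_sqlFragments.Any(fragment =>
                sql.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) >= 0);
        }
    }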
}